mirror of https://github.com/mkerrisk/man-pages
ioctl_tty.2: Add TIOCGPTPEER documentation
This is an ioctl(2) recently added by myself, to allow for container runtimes and other programs that interact with (potentially hostile) Linux namespaces to safely create {master,slave} pseudoterminal pairs without needing to open potentially unsafe /dev/pts/... filenames that may be malicious mount points or similar in an untrusted namespace (avoiding the endless issues with ptsname(3) and similar approaches).

Cc: <containers@lists.linux-foundation.org>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent a2923df043
commit 0ec74af9db
@ -380,6 +380,21 @@ Place the current lock state of the pseudoterminal slave device
in the location pointed to by
in the location pointed to by
.IR argp
.IR argp
(since Linux 3.8).
(since Linux 3.8).
.TP
.BI "TIOCGPTPEER int " flags
Opens and returns a new file handle to the pseudoterminal slave
device with the given
.BR open (2)-style
.IR flags ,
regardless of whether the path is accessible through the calling process's
mount namespaces.
Security-conscious programs interacting with namespaces may wish to use this
over
.BR open (2)
with the path provided by
.BR ptsname (3),
and similar library methods that have insecure APIs (since Linux 4.13).
.PP
.PP
The BSD ioctls
The BSD ioctls
.BR TIOCSTOP ,
.BR TIOCSTOP ,
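Review bot: the "(since Linux 4.13)" qualifier at the end of the second added paragraph ("and similar library methods that have insecure APIs (since Linux 4.13).") reads as if it dates the ptsname(3) advice rather than the TIOCGPTPEER ioctl itself; attach it to the ioctl's own description, as the TIOCGPTLCK entry just above attaches "(since Linux 3.8)" to its description, e.g. end the first paragraph with "mount namespace (since Linux 4.13)." Further points in the same hunk: "Opens and returns a new file handle" should follow the page's imperative style and Linux terminology ("Open and return a new file descriptor for the pseudoterminal slave"), matching "Place the current lock state" in the surrounding context; "the calling process's mount namespaces" should be singular, since a process is in exactly one mount namespace; the bare empty input line separating the two paragraphs inside the .TP entry should be a `.IP` request, which is what man-pages uses for a further paragraph in a .TP item; and "similar library methods that have insecure APIs" is too vague to act on, so state the hazard the commit message describes, namely that the path returned by ptsname(3) is resolved through the caller's mount namespace and may not refer to the real slave device, so a reader knows when to prefer this ioctl.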